[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)
ben at links.org
Sun Jan 6 08:53:40 EST 2013
On Sun, Jan 6, 2013 at 1:15 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Ben Laurie <ben at links.org> writes:
>>On Sat, Jan 5, 2013 at 1:26 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>>> In the light of yet another in an apparently neverending string of CA
>>> failures, how long are browser vendors going to keep perpetuating this PKI
>>> farce? . Not only is there no recorded instance, anytime, anywhere, of a
>>> browser certificate warning actually protecting users from harm ,
>>This is patently incorrect: Diginotar were caught by a browser warning.
> Well, we think that at least one user was. We definitely know that 300,000
> others weren't. That's hardly a triumph of browser PKI.
> Let's look at the figures in more detail. There are around a billion users of
> the Internet. Let's say that they go to two SSL-enabled sites a day, probably
> a lower bound but it's just a back-of-the-envelope thing. That's two billion
> uses of browser PKI a day, let's call it roughly a trillion a year. SSL has
> been around in significant volume for, say, about 15 years, so that's 15
> trillion uses. The number of people who reported being warned about the
> Diginotar cert was, say, a dozen or so, and of that we don't know how many
> ignored the warning and clicked through anyway, as they've been conditioned to
My understanding is you can't click through a pinning warning.
> There are figures from an earlier invalid-cert case in which exactly one
> user out of 300 was turned back by the warning, but let's be generous and say
> it was two users who were turned away. So out of 15 trillion uses of browser
> PKI, two worked to protect users. In other words it has an effectiveness rate
> of one in seven trillion.
a) I don't believe your figures, and
b) You are not counting all the people who were protected by the early
detection of Diginotar.
> That pretty much makes browser PKI the homeopathy of security.
>>Certificate Transparency is a real security measure that is a response by a
> So the response to the repeated failure of browser PKI is PKI-me-harder.
> Yeah, that's really going to make users safer.
I suspect you don't understand CT - perhaps you'd care to explain why
it is PKI-me-harder?
In any case, its time you updated your out-of-date rant - or, even
better, explained your solution to the problem.
More information about the cryptography